Certified Information Systems Security Professional (or CISSP) is a vendor-neutral certification governed by the International Information Systems Security Certification Consortium ((ISC)²). It is considered one of the premiere security certifications.

According to its sponsor (ISC)2 (http://www.isc2.org), applicants for the CISSP must have one of the following to qualify:

• A minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the Common Body of Knowledge
• Three years of direct full-time of the Common Body of Knowledge with a four-year college degree.

A Master's Degree in Information Security from a National Center of Academic Excellence (CAE) can substitute for one year toward the four-year requirement.

Applicants pay a fee of $499 and submit to a lengthy 6 hour multiple-choice exam that it is not computer based and is under intense supervision to prevent cheating. The certification test consists of 250 questions to be answered over six hours. The CISSP test includes information from 10 different domains which comprise the Common Body of Knowledge.

The CISSP has been described as covering Information Security topics "A mile wide, and an inch deep." The certification demonstrates a wide range of expertise in a variety of topics as listed below.

The Common Body of Knowledge includes:

• Access Control Systems & Methodology
• Applications & Systems Development
• Business Continuity Planning & Disaster Recovery
• Cryptography
• Law, Investigation & Ethics
• Operations Security
• Physical Security
• Security Architecture & Models
• Security Management Practices
• Telecommunications, Network & Internet Security

For experienced information security professionals with an International Information Systems Security Certification Consortium ((ISC)²) credential in good standing, (ISC)² Concentrations demonstrate their acquired rigorous knowledge of select CBK® domains. Passing a concentration examination demonstrates proven capabilities and subject-matter expertise beyond that required for the CISSP or SSCP credentials.

Current Concentrations for CISSPs include the:

• ISSAP, Concentration in Architecture
• ISSEP, Concentration in Engineering
• ISSMP, Concentration in Management

See also

• infosec institute
• Information Security Forum

External links

• (ISC)²
• (ISC)² Definition of a Professional
• CISSP Core Principles
• CISSP Free Resources

CISSP | Computer security procedures | IT qualifications

CISSP | Certified Information System Security Professional | CISSP